Template authorisation

Deadbolt tags does not offer any real protected against misuse on your server side, but it does allow you to customise your UI according to the
privileges of the current user.

Each tag has an "Or" variant, e.g. restrictOr, that allows you to pass in a alternative body for when authorisation fails.

For each example, the unprotected content is on the left, the Deadbolt tag is in the center and the result of the authorisation is on the right.

subjectPresent

This is one of the simplest constraints in Deadbolt. It simply requires that a user be present (i.e. logged in).

Unprotected content

Specification

Result

This content should be visible

@subjectPresent(handler) {
This content should be visible
}

This content should be visible

This content should NOT be visible

@subjectPresent(new security.MyUserlessDeadboltHandler) {
This content should NOT be visible
}

This content should be visible

@subjectPresentOr(handler) {
This content should be visible
}{Sorry, no access}

This content should be visible

This content should NOT be visible

@subjectPresentOr(new security.MyUserlessDeadboltHandler) {
This content should be NOT visible
}{Sorry, no access}

Sorry, no access

subjectNotPresent

The counterpart to subjectPresent. This constraint requires that a user isn't present (i.e. no-one is logged in).

Unprotected content

Specification

Result

This content should NOT be visible

@subjectNotPresent(handler) {
This content should NOT be visible
}

This content should be visible

@subjectNotPresent(new security.MyUserlessDeadboltHandler) {
This content should be visible
}

This content should be visible

This content should NOT be visible

@subjectNotPresentOr(handler) {
This content should NOT be visible
}{Sorry, no access}

Sorry, no access

This content should be visible

@subjectNotPresentOr(new security.MyUserlessDeadboltHandler) {
This content should be visible
}{Sorry, no access}

This content should be visible

restrict

restrict uses an ANDed set of roles within an array to determine if a part of a template is rendered. For example, a user with the roles "foo" and "bar"
could see a restrict-protected area of template that required any of the following:

foo

bar

foo AND bar

However, a restrict that required "foo", "bar" and "hurdy" would not render the protected area.

Giving multiple arrays in the list gives the equivalent of the Restrictions controller action.

As a convenience for creating Array[String] instances, you can use the TemplateUtils#as(String...) method.

Unprotected content

Specification

Result

This content should be visible

@restrict(handler, List(as("foo", "bar"))) {
This content should be visible
}

This content should be visible

This content should NOT be visible

@restrict(handler, List(as("foo", "bar", "hurdy"))) {
This content should NOT be visible
}